package com.juqimiao.outposts.spring.oauth2.api.controller;


import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.*;

import javax.annotation.security.DenyAll;
import java.security.Principal;

/**
 * Test Controller.
 * @author collin
 * @date 2019/05/02
 */
@RestController
public class MembershipController {


    /**
     * 演示如何获取到用户信息
     * @param authentication
     * @return
     */
    @RequestMapping("/membership/secret")
   // @DenyAll()
   // @PreAuthorize(value = "#hasAuthority('ROLE_USER:EMPLOYEE')")
    public @ResponseBody String getSecret(Authentication authentication) {
        return authentication.getName() + "--" + authentication.getAuthorities().stream().findFirst().get().getAuthority();
    }

    /**
     * 演示如何获取要用户信息
     * @param msg msg.
     * @param principal principal.s
     * @return String.
     */
    @RequestMapping(value = "/membership/msg", method = RequestMethod.GET)
    @ResponseBody
    public String getMessage(@RequestParam String msg, Principal principal) {
        return msg + ", " +principal.getName();
    }
}
